# 2. Get the verification parameters passed from the front end after user verification lot_number = self.get_argument('lot_number', '') captcha_output = self.get_argument('captcha_output', '') pass_token = self.get_argument('pass_token', '') gen_time = self.get_argument('gen_time', '')
# 3. Generate signature # Using standard hmac algorithms to generate signatures, using the user's current verification serial number lot_number as the original message, and the client's verification private key as the key # Using sha256 hash algorithm to hash message and key in one direction to generate the final signature lotnumber_bytes = lot_number.encode() prikey_bytes = captcha_key.encode() sign_token = hmac.new(prikey_bytes, lotnumber_bytes, digestmod='SHA256').hexdigest()
# 4. Upload verification parameters to the second verification interface of GeeTest to verify the user verification status query = { "lot_number": lot_number, "captcha_output": captcha_output, "pass_token": pass_token, "gen_time": gen_time, "sign_token": sign_token, }
# captcha_idParameter is recommended to be placed after url, so that when an exception is requested, it can be quickly located in the log according to the id url = api_server + '/validate' + '?captcha_id={}'.format(captcha_id)
# Pay attention to handling interface exceptions, and make corresponding exception handling when requesting GeeTest secondary verification interface exceptions or response status is not 200 # Guarantee that the business process will not be blocked by interface request timeout or service non-response try: res = requests.post(url, query) assert res.status_code == 200 gt_msg = json.loads(res.text) except Exception as e: gt_msg = {'result': 'success', 'reason': 'request geetest api fail'}
# 5. According to the user authentication status returned by GeeTest, the website owner conducts his own business logic if gt_msg['result'] == 'success': self.write({'login': 'success', 'reason': gt_msg['reason']}) else: self.write({'login': 'fail', 'reason': gt_msg['reason']})